{"id": "SUSE_SU-2017-0705-1.NASL", "bulletinFamily": "scanner", "title": "SUSE SLES11 Security Update : open-vm-tools (SUSE-SU-2017:0705-1)", "description": "This update for open-vm-tools to 10.1.0 stable brings features, fixes\nbugs and security issues :\n\n - New vmware-namespace-cmd command line utility\n\n - GTK3 support\n\n - Common Agent Framework (CAF)\n\n - Guest authentication with xmlsec1\n\n - Sub-command to push updated network information to the\n host on demand\n\n - Fix for quiesced snapshot failure leaving guest file\n system quiesced (bsc#1006796)\n\n - Fix for CVE-2015-5191 (bsc#1007600)\n\n - Report SLES for SAP 12 guest OS as SLES 12 (bsc#1013496)\n\n - Add udev rule to increase VMware virtual disk timeout\n values (bsc#994598)\n\n - Fix vmtoolsd init script to run vmtoolsd in background\n (bsc#971031)\n\n - Fix copy-n-paste and drag-n-drop regressions\n (bsc#978424)\n\n - Add new vmblock-fuse.service\n\n - Fix a suspend with systemd issue (bsc#913727)\n\n - ESXi Serviceability\n\n - GuestInfo Enhancements\n\n - Compatibility with all supported versions of VMware\n vSphere, VMware Workstation 12.0 and VMware Fusion 8.0.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2017-03-16T00:00:00", "modified": "2017-03-16T00:00:00", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/97777", "reporter": "This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=1006796", "https://bugzilla.suse.com/show_bug.cgi?id=1024202", "https://bugzilla.suse.com/show_bug.cgi?id=938593", "https://bugzilla.suse.com/show_bug.cgi?id=1011057", "https://www.suse.com/security/cve/CVE-2015-5191/", "https://bugzilla.suse.com/show_bug.cgi?id=985110", "http://www.nessus.org/u?8752967e", "https://bugzilla.suse.com/show_bug.cgi?id=1013496", "https://bugzilla.suse.com/show_bug.cgi?id=1007600", "https://bugzilla.suse.com/show_bug.cgi?id=941384", "https://bugzilla.suse.com/show_bug.cgi?id=913727", "https://bugzilla.suse.com/show_bug.cgi?id=971031", "https://bugzilla.suse.com/show_bug.cgi?id=944615", "https://bugzilla.suse.com/show_bug.cgi?id=994598", "https://bugzilla.suse.com/show_bug.cgi?id=952645", "https://bugzilla.suse.com/show_bug.cgi?id=978424"], "cvelist": ["CVE-2015-5191"], "type": "nessus", "lastseen": "2021-01-20T14:47:21", "edition": 34, "viewCount": 33, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-5191"]}, {"type": "fedora", "idList": ["FEDORA:CF50E61CF038", "FEDORA:A8F0861CDB5C"]}, {"type": "nessus", "idList": ["FEDORA_2017-08EC8B6DC4.NASL", "FEDORA_2017-4B4154D6F6.NASL", "SUSE_SU-2017-0702-1.NASL", "OPENSUSE-2017-276.NASL", "OPENSUSE-2017-385.NASL", "SUSE_SU-2017-0701-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310873213", "OPENVAS:1361412562310873161"]}, {"type": "vmware", "idList": ["VMSA-2017-0013"]}], "modified": "2021-01-20T14:47:21", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-01-20T14:47:21", "rev": 2}, "vulnersScore": 5.9}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0705-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97777);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5191\");\n\n script_name(english:\"SUSE SLES11 Security Update : open-vm-tools (SUSE-SU-2017:0705-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for open-vm-tools to 10.1.0 stable brings features, fixes\nbugs and security issues :\n\n - New vmware-namespace-cmd command line utility\n\n - GTK3 support\n\n - Common Agent Framework (CAF)\n\n - Guest authentication with xmlsec1\n\n - Sub-command to push updated network information to the\n host on demand\n\n - Fix for quiesced snapshot failure leaving guest file\n system quiesced (bsc#1006796)\n\n - Fix for CVE-2015-5191 (bsc#1007600)\n\n - Report SLES for SAP 12 guest OS as SLES 12 (bsc#1013496)\n\n - Add udev rule to increase VMware virtual disk timeout\n values (bsc#994598)\n\n - Fix vmtoolsd init script to run vmtoolsd in background\n (bsc#971031)\n\n - Fix copy-n-paste and drag-n-drop regressions\n (bsc#978424)\n\n - Add new vmblock-fuse.service\n\n - Fix a suspend with systemd issue (bsc#913727)\n\n - ESXi Serviceability\n\n - GuestInfo Enhancements\n\n - Compatibility with all supported versions of VMware\n vSphere, VMware Workstation 12.0 and VMware Fusion 8.0.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=913727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=941384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=944615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5191/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170705-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8752967e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-open-vm-tools-13024=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-open-vm-tools-13024=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvmtools0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-vm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-vm-tools-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"i386|i486|i586|i686|x86_64\") audit(AUDIT_ARCH_NOT, \"i386 / i486 / i586 / i686 / x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libvmtools0-10.1.0-7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"open-vm-tools-10.1.0-7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"open-vm-tools-desktop-10.1.0-7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"libvmtools0-10.1.0-7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"open-vm-tools-10.1.0-7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"open-vm-tools-desktop-10.1.0-7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"open-vm-tools\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "97777", "cpe": ["p-cpe:/a:novell:suse_linux:open-vm-tools-desktop", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:open-vm-tools", "p-cpe:/a:novell:suse_linux:libvmtools0"], "scheme": null, "cvss3": {"score": 6.7, "vector": "AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}}

{"cve": [{"lastseen": "2021-02-02T06:21:26", "description": "VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "edition": 6, "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-28T21:29:00", "title": "CVE-2015-5191", "type": "cve", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.7, "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5191"], "modified": "2017-08-08T14:19:00", "cpe": ["cpe:/a:vmware:tools:10.0.8"], "id": "CVE-2015-5191", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5191", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:vmware:tools:10.0.8:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5191"], "description": "The open-vm-tools project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve t he functionality, user experience and administration of VMware virtual machine s. This package contains only the core user-space programs and libraries of open-vm-tools. ", "modified": "2017-07-26T18:23:47", "published": "2017-07-26T18:23:47", "id": "FEDORA:CF50E61CF038", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: open-vm-tools-10.1.5-5.fc26", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5191"], "description": "The open-vm-tools project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve t he functionality, user experience and administration of VMware virtual machine s. This package contains only the core user-space programs and libraries of open-vm-tools. ", "modified": "2017-08-02T20:52:12", "published": "2017-08-02T20:52:12", "id": "FEDORA:A8F0861CDB5C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: open-vm-tools-10.1.5-5.fc25", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T14:25:33", "description": "This update for open-vm-tools to 10.1.0 stable brings features, fixes\nbugs and security issues :\n\n - New vmware-namespace-cmd command line utility\n\n - GTK3 support\n\n - Common Agent Framework (CAF)\n\n - Guest authentication with xmlsec1\n\n - Sub-command to push updated network information to the\n host on demand\n\n - Fix for quiesced snapshot failure leaving guest file\n system quiesced (bsc#1006796)\n\n - Fix for CVE-2015-5191 (bsc#1007600)\n\n - Report SLES for SAP 12 guest OS as SLES 12 (bsc#1013496)\n\n - Add udev rule to increase VMware virtual disk timeout\n values (bsc#994598)\n\n - Fix vmtoolsd init script to run vmtoolsd in background\n (bsc#971031)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 37, "cvss3": {"score": 6.7, "vector": "AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-03-16T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : open-vm-tools (SUSE-SU-2017:0702-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5191"], "modified": "2017-03-16T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:open-vm-tools-desktop-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:open-vm-tools-debugsource", "p-cpe:/a:novell:suse_linux:open-vm-tools-desktop", "p-cpe:/a:novell:suse_linux:open-vm-tools", "p-cpe:/a:novell:suse_linux:open-vm-tools-debuginfo", "p-cpe:/a:novell:suse_linux:libvmtools0", "p-cpe:/a:novell:suse_linux:libvmtools0-debuginfo"], "id": "SUSE_SU-2017-0702-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97775", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0702-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97775);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5191\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : open-vm-tools (SUSE-SU-2017:0702-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for open-vm-tools to 10.1.0 stable brings features, fixes\nbugs and security issues :\n\n - New vmware-namespace-cmd command line utility\n\n - GTK3 support\n\n - Common Agent Framework (CAF)\n\n - Guest authentication with xmlsec1\n\n - Sub-command to push updated network information to the\n host on demand\n\n - Fix for quiesced snapshot failure leaving guest file\n system quiesced (bsc#1006796)\n\n - Fix for CVE-2015-5191 (bsc#1007600)\n\n - Report SLES for SAP 12 guest OS as SLES 12 (bsc#1013496)\n\n - Add udev rule to increase VMware virtual disk timeout\n values (bsc#994598)\n\n - Fix vmtoolsd init script to run vmtoolsd in background\n (bsc#971031)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5191/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170702-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4b97a832\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-382=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-382=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvmtools0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvmtools0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-vm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-vm-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-vm-tools-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-vm-tools-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-vm-tools-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libvmtools0-10.1.0-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libvmtools0-debuginfo-10.1.0-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"open-vm-tools-10.1.0-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"open-vm-tools-debuginfo-10.1.0-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"open-vm-tools-debugsource-10.1.0-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"open-vm-tools-desktop-10.1.0-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"open-vm-tools-desktop-debuginfo-10.1.0-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libvmtools0-10.1.0-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libvmtools0-debuginfo-10.1.0-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"open-vm-tools-10.1.0-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"open-vm-tools-debuginfo-10.1.0-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"open-vm-tools-debugsource-10.1.0-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"open-vm-tools-desktop-10.1.0-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"open-vm-tools-desktop-debuginfo-10.1.0-8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"open-vm-tools\");\n}\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:25:33", "description": "This update for open-vm-tools to 10.1.0 stable brings features, fixes\nbugs and security issues :\n\n - New vmware-namespace-cmd command line utility\n\n - GTK3 support\n\n - Common Agent Framework (CAF)\n\n - Guest authentication with xmlsec1\n\n - Sub-command to push updated network information to the\n host on demand\n\n - Fix for quiesced snapshot failure leaving guest file\n system quiesced (bsc#1006796)\n\n - Fix for CVE-2015-5191 (bsc#1007600)\n\n - Report SLES for SAP 12 guest OS as SLES 12 (bsc#1013496)\n\n - Add udev rule to increase VMware virtual disk timeout\n values (bsc#994598)\n\n - Fix vmtoolsd init script to run vmtoolsd in background\n (bsc#971031)\n\n - Fix copy-n-paste and drag-n-drop regressions\n (bsc#978424)\n\n - Add new vmblock-fuse.service\n\n - Fix a suspend with systemd issue (bsc#913727)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 37, "cvss3": {"score": 6.7, "vector": "AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-03-16T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : open-vm-tools (SUSE-SU-2017:0701-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5191"], "modified": "2017-03-16T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:open-vm-tools-desktop-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:open-vm-tools-debugsource", "p-cpe:/a:novell:suse_linux:open-vm-tools-desktop", "p-cpe:/a:novell:suse_linux:open-vm-tools", "p-cpe:/a:novell:suse_linux:open-vm-tools-debuginfo", "p-cpe:/a:novell:suse_linux:libvmtools0", "p-cpe:/a:novell:suse_linux:libvmtools0-debuginfo"], "id": "SUSE_SU-2017-0701-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97774", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0701-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97774);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5191\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : open-vm-tools (SUSE-SU-2017:0701-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for open-vm-tools to 10.1.0 stable brings features, fixes\nbugs and security issues :\n\n - New vmware-namespace-cmd command line utility\n\n - GTK3 support\n\n - Common Agent Framework (CAF)\n\n - Guest authentication with xmlsec1\n\n - Sub-command to push updated network information to the\n host on demand\n\n - Fix for quiesced snapshot failure leaving guest file\n system quiesced (bsc#1006796)\n\n - Fix for CVE-2015-5191 (bsc#1007600)\n\n - Report SLES for SAP 12 guest OS as SLES 12 (bsc#1013496)\n\n - Add udev rule to increase VMware virtual disk timeout\n values (bsc#994598)\n\n - Fix vmtoolsd init script to run vmtoolsd in background\n (bsc#971031)\n\n - Fix copy-n-paste and drag-n-drop regressions\n (bsc#978424)\n\n - Add new vmblock-fuse.service\n\n - Fix a suspend with systemd issue (bsc#913727)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=913727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=941384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5191/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170701-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?895f9cee\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-384=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2017-384=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvmtools0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvmtools0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-vm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-vm-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-vm-tools-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-vm-tools-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-vm-tools-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvmtools0-10.1.0-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvmtools0-debuginfo-10.1.0-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"open-vm-tools-10.1.0-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"open-vm-tools-debuginfo-10.1.0-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"open-vm-tools-debugsource-10.1.0-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"open-vm-tools-desktop-10.1.0-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"open-vm-tools-desktop-debuginfo-10.1.0-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvmtools0-10.1.0-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvmtools0-debuginfo-10.1.0-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"open-vm-tools-10.1.0-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"open-vm-tools-debuginfo-10.1.0-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"open-vm-tools-debugsource-10.1.0-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"open-vm-tools-desktop-10.1.0-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"open-vm-tools-desktop-debuginfo-10.1.0-5.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"open-vm-tools\");\n}\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:10:50", "description": "Fix /tmp race conditions in libDeployPkg (CVE-2015-5191).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 26, "cvss3": {"score": 6.7, "vector": "AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-08-04T00:00:00", "title": "Fedora 25 : open-vm-tools (2017-4b4154d6f6)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5191"], "modified": "2017-08-04T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:open-vm-tools"], "id": "FEDORA_2017-4B4154D6F6.NASL", "href": "https://www.tenable.com/plugins/nessus/102185", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-4b4154d6f6.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102185);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5191\");\n script_xref(name:\"FEDORA\", value:\"2017-4b4154d6f6\");\n\n script_name(english:\"Fedora 25 : open-vm-tools (2017-4b4154d6f6)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix /tmp race conditions in libDeployPkg (CVE-2015-5191).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b4154d6f6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected open-vm-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:open-vm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"open-vm-tools-10.1.5-5.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"open-vm-tools\");\n}\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:15:09", "description": "Fix /tmp race conditions in libDeployPkg (CVE-2015-5191).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 25, "cvss3": {"score": 6.7, "vector": "AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-07-27T00:00:00", "title": "Fedora 26 : open-vm-tools (2017-08ec8b6dc4)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5191"], "modified": "2017-07-27T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:26", "p-cpe:/a:fedoraproject:fedora:open-vm-tools"], "id": "FEDORA_2017-08EC8B6DC4.NASL", "href": "https://www.tenable.com/plugins/nessus/101986", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-08ec8b6dc4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101986);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5191\");\n script_xref(name:\"FEDORA\", value:\"2017-08ec8b6dc4\");\n\n script_name(english:\"Fedora 26 : open-vm-tools (2017-08ec8b6dc4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix /tmp race conditions in libDeployPkg (CVE-2015-5191).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-08ec8b6dc4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected open-vm-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:open-vm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"open-vm-tools-10.1.5-5.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"open-vm-tools\");\n}\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:32:14", "description": "This update for open-vm-tools fixes the following issues :\n\n - Updated to 10.1.0 stable release (boo#1011057)\n\n + vmware-namespace-cmd command line utility.\n\n + gtk3 support\n\n + Common Agent Framework (CAF)\n\n + guest authentication with xmlsec1\n\n + FreeBSD support\n\n + sub-command to push updated network information to the\n host on demand\n\n + udev rules for configuring SCSI timeouts in the guest\n\n + fixes for Ubuntu 16.10\n\n + Fix for quiesced snapshot failure leaving guest file\n system quiesced (boo#1006796)\n\n + Fix for CVE-2015-5191 (boo#1007600)\n\n - Report SLES12-SAP guest OS as SLES12 (boo#1013496)\n\n - Remove building KMP modules. No longer needed or wanted\n for current releases. User space tool vmhgfs-fuse has\n replaced the need for vmhgfs kernel module.\n\n - Add udev rule to increase VMware virtual disk timeout\n values (boo#994598) \n\n - Fix vmtoolsd init script to run vmtoolsd in background.\n (boo#971031)\n\n + fix originally done in SLE-11-SP4 code base by\n tcech@suse.cz\n\n - Added patches for GCC 6 build failure (boo#985110)\n\n - Update to 10.0.7-gtk3 stable branch\n\n + add support for gtk3, needed by the dndcp and\n resolutionset plugins\n\n + remove files generated by autoreconf\n\n + a few minor build fixes\n\n - Update fixes copy-n-paste and drag-n-drop regressions\n (boo#978424)\n\n - Added new vmblock-fuse.service\n\n - Update to 10.0.7 stable branch\n\n + Added namespace command line utility\n 'vmware-namespace-cmd'.\n\n - Compile without gtkmm support for SLES12 based\n environments (which do not provide gtkmm2.4)\n\n - Update to 10.0.5 stable branch\n\n + [vgauth] fix timestamp check\n\n + [libresolutionSet.so] Add an error handler to X11\n resolutionSet\n\n + [vmci.ko] Kill tasklet when unloading vmci module\n\n + [libvmbackup.so] Quiesced snapshots Skip freezing autofs\n mounts.\n\n + [vmhgfs.ko] make vmhgfs compatible with Linux kernel 4.2 \n\n - This update also addresses a suspend with systemd issue\n (boo#913727)", "edition": 26, "cvss3": {"score": 6.7, "vector": "AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-02-21T00:00:00", "title": "openSUSE Security Update : open-vm-tools (openSUSE-2017-276)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5191"], "modified": "2017-02-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libvmtools0", "p-cpe:/a:novell:opensuse:open-vm-tools-desktop-debuginfo", "p-cpe:/a:novell:opensuse:libvmtools0-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:open-vm-tools-debugsource", "p-cpe:/a:novell:opensuse:open-vm-tools-desktop", "p-cpe:/a:novell:opensuse:open-vm-tools-debuginfo", "p-cpe:/a:novell:opensuse:libvmtools-devel", "p-cpe:/a:novell:opensuse:open-vm-tools"], "id": "OPENSUSE-2017-276.NASL", "href": "https://www.tenable.com/plugins/nessus/97285", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-276.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97285);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5191\");\n\n script_name(english:\"openSUSE Security Update : open-vm-tools (openSUSE-2017-276)\");\n script_summary(english:\"Check for the openSUSE-2017-276 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for open-vm-tools fixes the following issues :\n\n - Updated to 10.1.0 stable release (boo#1011057)\n\n + vmware-namespace-cmd command line utility.\n\n + gtk3 support\n\n + Common Agent Framework (CAF)\n\n + guest authentication with xmlsec1\n\n + FreeBSD support\n\n + sub-command to push updated network information to the\n host on demand\n\n + udev rules for configuring SCSI timeouts in the guest\n\n + fixes for Ubuntu 16.10\n\n + Fix for quiesced snapshot failure leaving guest file\n system quiesced (boo#1006796)\n\n + Fix for CVE-2015-5191 (boo#1007600)\n\n - Report SLES12-SAP guest OS as SLES12 (boo#1013496)\n\n - Remove building KMP modules. No longer needed or wanted\n for current releases. User space tool vmhgfs-fuse has\n replaced the need for vmhgfs kernel module.\n\n - Add udev rule to increase VMware virtual disk timeout\n values (boo#994598) \n\n - Fix vmtoolsd init script to run vmtoolsd in background.\n (boo#971031)\n\n + fix originally done in SLE-11-SP4 code base by\n tcech@suse.cz\n\n - Added patches for GCC 6 build failure (boo#985110)\n\n - Update to 10.0.7-gtk3 stable branch\n\n + add support for gtk3, needed by the dndcp and\n resolutionset plugins\n\n + remove files generated by autoreconf\n\n + a few minor build fixes\n\n - Update fixes copy-n-paste and drag-n-drop regressions\n (boo#978424)\n\n - Added new vmblock-fuse.service\n\n - Update to 10.0.7 stable branch\n\n + Added namespace command line utility\n 'vmware-namespace-cmd'.\n\n - Compile without gtkmm support for SLES12 based\n environments (which do not provide gtkmm2.4)\n\n - Update to 10.0.5 stable branch\n\n + [vgauth] fix timestamp check\n\n + [libresolutionSet.so] Add an error handler to X11\n resolutionSet\n\n + [vmci.ko] Kill tasklet when unloading vmci module\n\n + [libvmbackup.so] Quiesced snapshots Skip freezing autofs\n mounts.\n\n + [vmhgfs.ko] make vmhgfs compatible with Linux kernel 4.2 \n\n - This update also addresses a suspend with systemd issue\n (boo#913727)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=913727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=994598\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected open-vm-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvmtools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvmtools0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvmtools0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:open-vm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:open-vm-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:open-vm-tools-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:open-vm-tools-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:open-vm-tools-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvmtools-devel-10.1.0-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvmtools0-10.1.0-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvmtools0-debuginfo-10.1.0-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"open-vm-tools-10.1.0-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"open-vm-tools-debuginfo-10.1.0-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"open-vm-tools-debugsource-10.1.0-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"open-vm-tools-desktop-10.1.0-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"open-vm-tools-desktop-debuginfo-10.1.0-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvmtools-devel / libvmtools0 / libvmtools0-debuginfo / etc\");\n}\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:32:26", "description": "This update for open-vm-tools to 10.1.0 stable brings features, fixes\nbugs and security issues :\n\n - New vmware-namespace-cmd command line utility\n\n - GTK3 support\n\n - Common Agent Framework (CAF)\n\n - Guest authentication with xmlsec1\n\n - Sub-command to push updated network information to the\n host on demand\n\n - Fix for quiesced snapshot failure leaving guest file\n system quiesced (bsc#1006796)\n\n - Fix for CVE-2015-5191 (bsc#1007600)\n\n - Report SLES for SAP 12 guest OS as SLES 12 (bsc#1013496)\n\n - Add udev rule to increase VMware virtual disk timeout\n values (bsc#994598) \n\n - Fix vmtoolsd init script to run vmtoolsd in background\n (bsc#971031)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.", "edition": 26, "cvss3": {"score": 6.7, "vector": "AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-03-28T00:00:00", "title": "openSUSE Security Update : open-vm-tools (openSUSE-2017-385)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5191"], "modified": "2017-03-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libvmtools0", "p-cpe:/a:novell:opensuse:open-vm-tools-desktop-debuginfo", "p-cpe:/a:novell:opensuse:libvmtools0-debuginfo", "p-cpe:/a:novell:opensuse:open-vm-tools-debugsource", "p-cpe:/a:novell:opensuse:open-vm-tools-desktop", "p-cpe:/a:novell:opensuse:open-vm-tools-debuginfo", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:libvmtools-devel", "p-cpe:/a:novell:opensuse:open-vm-tools"], "id": "OPENSUSE-2017-385.NASL", "href": "https://www.tenable.com/plugins/nessus/99019", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-385.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99019);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5191\");\n\n script_name(english:\"openSUSE Security Update : open-vm-tools (openSUSE-2017-385)\");\n script_summary(english:\"Check for the openSUSE-2017-385 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for open-vm-tools to 10.1.0 stable brings features, fixes\nbugs and security issues :\n\n - New vmware-namespace-cmd command line utility\n\n - GTK3 support\n\n - Common Agent Framework (CAF)\n\n - Guest authentication with xmlsec1\n\n - Sub-command to push updated network information to the\n host on demand\n\n - Fix for quiesced snapshot failure leaving guest file\n system quiesced (bsc#1006796)\n\n - Fix for CVE-2015-5191 (bsc#1007600)\n\n - Report SLES for SAP 12 guest OS as SLES 12 (bsc#1013496)\n\n - Add udev rule to increase VMware virtual disk timeout\n values (bsc#994598) \n\n - Fix vmtoolsd init script to run vmtoolsd in background\n (bsc#971031)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1024200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=994598\"\n );\n # https://features.opensuse.org/322214\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected open-vm-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvmtools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvmtools0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvmtools0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:open-vm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:open-vm-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:open-vm-tools-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:open-vm-tools-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:open-vm-tools-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libvmtools-devel-10.1.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libvmtools0-10.1.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libvmtools0-debuginfo-10.1.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"open-vm-tools-10.1.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"open-vm-tools-debuginfo-10.1.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"open-vm-tools-debugsource-10.1.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"open-vm-tools-desktop-10.1.0-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"open-vm-tools-desktop-debuginfo-10.1.0-3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvmtools-devel / libvmtools0 / libvmtools0-debuginfo / etc\");\n}\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:33:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5191"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-08-04T00:00:00", "id": "OPENVAS:1361412562310873213", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873213", "type": "openvas", "title": "Fedora Update for open-vm-tools FEDORA-2017-4b4154d6f6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_4b4154d6f6_open-vm-tools_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for open-vm-tools FEDORA-2017-4b4154d6f6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873213\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:47:01 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2015-5191\");\n script_tag(name:\"cvss_base\", value:\"3.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for open-vm-tools FEDORA-2017-4b4154d6f6\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'open-vm-tools'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"open-vm-tools on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-4b4154d6f6\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC6D3BZUO535PA6K7MWXXDJAFE2JHN5K\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"open-vm-tools\", rpm:\"open-vm-tools~10.1.5~5.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5191"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-08-04T00:00:00", "id": "OPENVAS:1361412562310873161", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873161", "type": "openvas", "title": "Fedora Update for open-vm-tools FEDORA-2017-08ec8b6dc4", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_08ec8b6dc4_open-vm-tools_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for open-vm-tools FEDORA-2017-08ec8b6dc4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873161\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:46:07 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2015-5191\");\n script_tag(name:\"cvss_base\", value:\"3.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for open-vm-tools FEDORA-2017-08ec8b6dc4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'open-vm-tools'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"open-vm-tools on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-08ec8b6dc4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QIKOPGHT5CTPEKNYZDCSQ6O5CAOJHBO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"open-vm-tools\", rpm:\"open-vm-tools~10.1.5~5.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}], "vmware": [{"lastseen": "2019-11-06T16:05:26", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5191", "CVE-2017-4922", "CVE-2017-4921", "CVE-2017-4923"], "description": "**a. Insecure library loading through LD_LIBRARY_PATH \n**\n\nVMware vCenter Server contains an insecure library loading issue that occurs due to the use of **LD_LIBRARY_PATH** variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation. \n\n**Note:** In order to exploit this issue an attacker should be able to trick the admin to execute wrapper scripts from a world writable directory. \n\nVMware would like to thank Thorsten T\u00fcllmann, researcher at Karlsruhe Institute of Technology for reporting this issue to us. \n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4921 to this issue. \n\n\nColumn 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.\n", "edition": 5, "modified": "2017-07-27T00:00:00", "published": "2017-07-27T00:00:00", "id": "VMSA-2017-0013", "href": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html", "title": "VMware vCenter Server and Tools updates resolve multiple security vulnerabilities", "type": "vmware", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}